alt Hacker NewsThe general mechanism to prevent abuse is that the person giving the order is distinct from the person performing the action. This ensures that a second set of eyes inspects the order and notes any inconsistencies. Such a control was lacking in this case.
I understand the general concept of two people enabling a sign off system.
However, I'm absolutely unconvinced the CEO of a small bank wouldn't be able to convince a subordinate in an office of 20, max, to "verify it has no inconsistencies" rather than "gee this sure does seem stupid"